According to Microsoft, you can virtualize Active Directory Domain
controllers if the underlying storage meets the requirement: "If the virtual
hosting environment software correctly supports a SCSI emulation mode that
supports forced unit access (FUA), unbuffered writes that Active Directory
performs in this environment are passed to the host operating system. If
forced unit access is not supported, you must disable the write cache on all
volumes of the guest operating system that host the Active Directory
database, the logs, and the checkpoint file." (excerpt from:
http://support.microsoft.com/kb/888794).

When I moved my Primary Domain Controller (2008r2) from DAS to iSCSI/DRBD, I
got lots of SCSI errors logged on the ESXi host, DRBD duplicate local write
messages and strange results - eventually resulting (probably through an
error on my part) in out of sequence AD databases. I punted and rebuilt the
DC from scratch on DAS, synced with the BDC, seized all the roles needed,
etc. and considered myself lucky.

Operationally, I'd prefer to have both DCs on DRBD\iSCSI storage, but I'm
unwilling to jump in again without some sort of a push that it's "OK". I can
build a new domain on a couple other virtual machines in an isolated
network, but I'm not sure I could drive enough traffic at it to recreate the
problems I had. Unfortunately, I don't have the error messages, but they
sounded nasty. I might be able to recreate them if DRBD really ought to
support such a use.

Configuration:
two ESXi 4u1 hosts, each with a Debian 503 running DRBD 8.3.7 and
iSCSItarget to serve the DRBD disks to VMware.

Currently, each ESXi has a DC on DAS, but I'd like to have them both have a
DC on iSCSI storage.